get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)

[openssl.git] / ssl / s3_both.c

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 58a24cd8839d196aece95a724283139025d99b62..2e03a70fc79d9a9d8bfd00faa396fdcbd361a189 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -108,16 +108,21 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #include <limits.h>
 #include <string.h>
 #include <stdio.h>
+#include "ssl_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "ssl_locl.h"
 
 /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
 int ssl3_do_write(SSL *s, int type)
@@ -520,6 +525,20 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
                        else ret= -1;
                        }
                }
+#ifndef OPENSSL_NO_EC
+       /* As for ECC certificates, additional
+        * information (e.g. in the optional key usage X509v3 
+        * extension) could be used when available to distinguish
+        * between ECDH and ECDSA certificates. For now, we do not
+        * make that distinction here. Instead, we shift the burden
+        * of checking for appropriate key usage to the SSL code
+        * responsible for sending/processing ECC certificates.
+        */
+       else if (i == EVP_PKEY_EC)
+               {
+               ret = SSL_PKEY_ECC;
+               }
+#endif
        else
                ret= -1;